About Configuration Drift, Pester and Vester


This topic has been on my mind for quite some time, but it was until recently, when attending a presentation, that the picture became much clearer.
In this post, I would like to share some of my thoughts.

To install and configure vSphere environments, we can use various methods, from manual, all kind of scripting, to fully automated deployments.
vSphere also comes with tools, like Host Profiles which can be helpful. After installation and initial configuration is done, we are not finished. We also want to enforce a consistent configuration, but how?

Again, Host Profiles can be useful to maintain the state of ESXi hosts, but there are some objections. Host Profiles are difficult to setup and maintain (how nice would it be, if you could export / import a Host Profile in a more user friendly .JSON format?). But more important, hosts are only a part of the environment. How about configuration of Clusters, DatastoreClusters, Virtual switches and Virtual machine properties?

Read the rest of this entry »

Hardware, firmware and drivers


Because the subject is still actual, I created an updated version of this post from 2015.

A modern server is besides our favorite ESXi hypervisor loaded with all kinds of additional software, like the BIOS, firmware and drivers for items like; Baseboard management , Remote support interfaces, Storage controllers, NICs, Power Supplies, to name a few.

Some vendors provide ISO images or repositories containing the actual updates, you may run the update process and voila, ready and done.
If you want to stay in control and want some more insight in this subject, please read on.

It comes down to these four questions:

  • What hardware is in the server?
  • How to determine the current firmware and or driver?
  • Which driver and or firmware do I need?
  • How do I upgrade drivers and firmware?

Read the rest of this entry »

ESXi CLIativity – Part 3


In previous post in this series, one and two, I showed you some examples how to run ESXi CLI commands on a more relaxed way with use of the PuTTY tools and some scripting.

In this post, I would like to introduce two other methods to execute ESXi CLI commands.


Microsoft Windows PowerShell and VMware PowerCLI are commonly used by VMware admins. The functionality of PowerShell can be extended by adding Modules. Since PowerShell version 5 adding Modules has become very easy with the introduction of repositories (external and internal). A repository is (said irreverently) a kind of app store where you can retrieve modules. The best known repository is the PowerShell Gallery. If this is all new, the link provides information to get your started, as well as many posts about this topic.

A very handy module is Posh-SSH, created by Carlos Perez, which extend PowerShell with SSH and SCP functionality. The following commands will check for the availability of the PowerShell Gallery and installs the Posh-SSH module.

PS C:\Users> Get-PSRepository

Name      InstallationPolicy   SourceLocation
----      ------------------   --------------
PSGallery Untrusted            https://www.powershellgallery.com/api/v2/

The Get-PSRepository should return the PSGallery as one of the repositories.

Read the rest of this entry »

ESXi CLIativity – Part 2


In my previous post, I showed you how to run scripts on the ESXi CLI with minimal intervention. In this episode, I will show you another example, which will also make use of PowerCLI and one of the PuTTY utilities.

The scenario; Now and then servers need all kind of upgrades; BIOS, NIC and HBA firmware to name a few. Hardware vendors usually offer multiple ways and additional tooling to perform those updates. As an example HPE provides packages, called Smart Components which can be installed from the Operating System layer, in the past limited to Windows and some Linux flavours, today also for ESXi.

Smart Components for ESXi come in the form of a .zip file, named CPxxxxxx.zip . The .zip contains an executable called: CPxxxxxx.vmexe, the firmware CPxxxxxx.vmfile, some additional .xml and .json files and a README.txt with installation instructions. Chances are that during an upgrade cycle of a cluster multiple components need a firmware upgrade, it will become clear that this is a time consuming task. So time for some automation!

Read the rest of this entry »

ESXi boot fatal error 33 inconsistent data


Another quick write-up. Recently, while installing patches and rebooting ESXi hosts, I encountered the following error message during the boot process of an ESXi host: “esxi boot fatal error 33 inconsistent data”, accompanied by the filename causing the inconsistency.

A quick search on the Internet returned various useful tips, ranging from re-installation of ESXi, re-running the installer or replacing the damaged file. However, not all workarounds are applicable in all situations.

Perhaps it is too obvious, but this solution is also to be considered, especially while updating hosts;
Revert the ESXi host to it’s previous version. Now the ESXi host can boot and the installation of the patches can be continued.

This VMware KB outlines how to revert an ESXi host to it’s previous state.

If during the update process of ESXi this error shows up: “The host returns esxupdate error code:15. The package manager transaction is not successful. Check the Update Manager log files and esxupdate log files for more details
Also the esxupdate.log shows “esxupdate: esxupdate: ERROR: InstallationError: (”, ‘There was an error checking file system on altbootbank, please see log for detail.’)”, it is time to have a look at this KB.

I hope this will help. Thank you for reading.

ESXi CLIativity – Part 1


As I showed in a previous post, it is possible to do pretty awesome actions using the ESXi Shell.

By using VMware PowerCLI and some other tools, you can further extend these possibilities.
In this example we use a Windows workstation and the tool Plink.
Plink comes with the well known PuTTY utility and is a command-line connection tool similar to ssh and very useful for automated operations.

As an example, we use the unmap script from this post, the goal is to minimize manual actions. The first step is to deploy and start the unmap script on a more convenient way, without logon to the ESXi host.

Read the rest of this entry »

vCSA and trusted AD sources


Just a quick write up for my own convenience. Large organizations tend to have a lot of everything, from buildings and employees to Domain Controllers.
In times were Domain Controllers undergo maintenance, like an upgrade or relocation, dependent services may be impacted.
The way identity sources are configured differs per product, fortunately less often hard-coded by specifying a single domain controller, usually more flexible by specifying the AD domain.

For a vCenter Server Appliance (vCSA), additional identity sources can be configured, one commonly used is the Active Directory (Integrated Windows Authentication).


BTW, As a prerequisite, the vCSA should be joined to the Windows domain.

Read the rest of this entry »